Adobe’s first Patch Tuesday of 2017 features 42 critical security fixes for its Flash Player and other products.
The company issued two bulletins, APSB17-02 covering the Flash Player problems and APSB17-01 for Acrobat and Reader security. None of the vulnerabilities have been reported being exploited in the wild, Adobe said.
The Flash Player fixes are for version 22.214.171.124 and earlier for products Desktop Runtime, Google Chrome, Microsoft Edge and Internet Explorer 11 and Linux. CVE-2017-2938 resolves a security bypass vulnerability, CVE-2017-2927, CVE-2017-2933, CVE-2017-2934, CVE-2017-2935, fix a use-after-free vulnerability that could lead to code execution and CVE-2017-2925, CVE-2017-2926, CVE-2017-2928, CVE-2017-2930, CVE-2017-2931 resolve memory corruption vulnerabilities that could lead to code execution.
The 29 problems for Acrobat and Reader are also rated critical and patch a variety of problems all of which can lead to remote code execution when used on Windows and Macintosh products. These include a confusion vulnerability, a heap buffer overflow vulnerabilities, use-after-free vulnerabilities, buffer overflow vulnerabilities and memory corruption vulnerabilities.